[Git][security-tracker-team/security-tracker][master] 3 commits: add libreswan

Thu Aug 17 22:37:47 BST 2023


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd3396f4 by Thorsten Alteholz at 2023-08-17T23:19:24+02:00
add libreswan

- - - - -
d89edf09 by Thorsten Alteholz at 2023-08-17T23:27:57+02:00
mark CVE-2023-37543 as no-dsa for Buster

- - - - -
6bda3cd2 by Thorsten Alteholz at 2023-08-17T23:35:57+02:00
mark CVE-2023-40225 as not-affected for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -832,6 +832,7 @@ CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x an
 	- haproxy 2.6.15-1 (bug #1043502)
 	[bookworm] - haproxy <postponed> (Minor issue, fix along with future DSA)
 	[bullseye] - haproxy <postponed> (Minor issue, fix along with future DSA)
+	[buster] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/haproxy/haproxy/issues/2237
 	NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856
 CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -955,6 +956,7 @@ CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference
 	- cacti <unfixed>
 	[bookworm] - cacti <no-dsa> (Minor issue)
 	[bullseye] - cacti <no-dsa> (Minor issue)
+	[buster] - cacti <no-dsa> (Minor issue)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj
 	NOTE: https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed
 	TODO: check details once GHSA-4x82-8w8m-w8hj accessible, 1.2.6 does not seem correct, reporter claims 1.2.25 wich is not released


=====================================
data/dla-needed.txt
=====================================
@@ -89,6 +89,9 @@ intel-microcode (utkarsh)
   NOTE: 20230815: https://salsa.debian.org/lts-team/packages/intel-microcode/-/commits/releases/buster
   NOTE: 20230815: waiting for hmh to review. (utkarsh)
 --
+libreswan
+  NOTE: 20230817: Added by Front-Desk (ta)
+--
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ca787868baa231e16c7683eb8060e9df63cca89...6bda3cd25a83f41bea12b0ae259366c82cff5e42

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ca787868baa231e16c7683eb8060e9df63cca89...6bda3cd25a83f41bea12b0ae259366c82cff5e42
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230817/2c33f1dc/attachment.htm>
